From 257d23349913476d87becc9f73b356230cc09cd6 Mon Sep 17 00:00:00 2001
From: shirenn
Date: Sat, 15 Jan 2022 17:48:20 +0100
Subject: [PATCH] [slapd] DNS integration

---
 roles/slapd/templates/ldap/slapd.conf.j2 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/slapd/templates/ldap/slapd.conf.j2 b/roles/slapd/templates/ldap/slapd.conf.j2
index 0d7c7214..571f3277 100644
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
@@ -35,6 +35,8 @@ constraint_attribute description regex {{ slapd.regex }}
  restrict=ldap:///ou=hosts,dc=crans,dc=org??one?(objectClass=device)
 constraint_attribute uid regex ^_
  restrict=ldap:///ou=passwd,dc=crans,dc=org??one?(objectClass=posixAccount)
+constraint_attribute description regex ^.*(\ IN)?\ (TXT|DNAME|AAAA|CNAME)\ .*$
+ restrict=ldap:///ou=dns,dc=crans,dc=org??sub?(objectClass=dNSDomain)
 
 moduleload syncprov
 {% endif %}
@@ -136,6 +138,12 @@ access to attrs=userPassword,shadowLastChange
  by anonymous auth
  by * none
 
+access to attrs=loginShell,mail,telephoneNumber
+ by self write
+ by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+ by dn="cn=replicator,dc=crans,dc=org" read
+ by * read
+
 # Ensure read access to the base for things like
 # supportedSASLMechanisms. Without this you may
 # have problems with SASL not knowing what
@@ -166,6 +174,12 @@ access to attrs=userPassword,shadowLastChange
  by dn="cn=replicator,dc=crans,dc=org" read
  by * none
 
+access to attrs=loginShell,mail,telephoneNumber
+ by self write
+ by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+ by dn="cn=replicator,dc=crans,dc=org" read
+ by * read
+
 # Ensure read access to the base for things like
 # supportedSASLMechanisms. Without this you may
 # have problems with SASL not knowing what
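Review bot: The new `constraint_attribute description regex` accepts any description that merely contains ` TXT `, ` DNAME `, ` AAAA ` or ` CNAME ` somewhere, because both ends of the pattern are `.*` — the owner name before the type and the record data after it are unconstrained, and with a POSIX regex `.` also matches a newline (unless the overlay compiles with REG_NEWLINE), so an embedded line break passes the check. If these descriptions are later rendered into a zone file (the commit title suggests a DNS integration, but the consumer is not in this diff), that is a line-injection path; a tighter pattern such as `"^[[:alnum:]._@*-]+( IN)? (TXT|DNAME|AAAA|CNAME) [[:print:]]+$"` closes it, with the owner-name character class to be checked against the data already stored under ou=dns. Quoting the argument also avoids relying on `\ ` being honoured by slapd.conf's tokenizer inside an unquoted argument, which I would verify before deploying. A one-line comment above the directive would help the next reader, e.g. `# description entries under ou=dns carry record types the dNSDomain schema has no attribute for; only these types are accepted`.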
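Review bot: `by * read` at the end of the new `access to attrs=loginShell,mail,telephoneNumber` clause also grants anonymous binds read access to every user's mail and telephoneNumber, which is a wider disclosure than the adjacent userPassword clause (`by anonymous auth`, `by * none`) allows; if unauthenticated clients do not need these attributes, `by users read` — or `by anonymous none` placed before the catch-all — limits them to bound identities. `by self write` on `mail` additionally lets any account set its own mail to an arbitrary address; unless a unique overlay or the consuming application enforces uniqueness elsewhere (not visible in this diff), a user could claim another person's address, which matters if mail is used anywhere as a login or reset identity. With the catch-all left as `by * read`, the `by dn="cn=replicator,dc=crans,dc=org" read` line above it is redundant and can be dropped, or kept only once the catch-all is narrowed.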
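Review bot: Two byte-identical copies of the `access to attrs=loginShell,mail,telephoneNumber` clause now exist in the template (here and in the hunk at `@@ -136`), presumably in different Jinja branches whose conditions lie outside these hunks; they will drift on the next ACL change unless the clause is factored into a single macro or included snippet, or hoisted out of the conditional if both branches need it. `by self write` on loginShell also means a user can store any string as their shell, since slapd does not consult /etc/shells the way chsh does; an allowlist next to the existing constraint_attribute directives, e.g. `constraint_attribute loginShell regex "^/bin/(bash|sh|zsh)$" restrict=ldap:///ou=passwd,dc=crans,dc=org??one?(objectClass=posixAccount)`, keeps self-service within known shells. The listed shells are a guess and should be taken from what the managed hosts actually install.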